Looks like, even after recreating the policy on a Vista machine, still causes a problem. Its weird. I disable the Firewall policy, I can start the firewall on Vista. I enable it, it throws an errors. My next step would be to apply a WMI filter so the policy is only applied to XP machines (probably not a bad idea anyway). So just use: SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Microsoft Windows XP%" Should do the trick, correct? Thanks. JW On 9/11/07, Delaney, Doug <doug.delaney@xxxxxxx> wrote: > > For the WMI portion, I certainly prefer the Like "%Windows XP%" method > since professional is spelled differently in some languages. > > working examples. > SELECT * from Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows > XP%" > SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Windows Vista%" > > > *Doug Delaney*** > EDS - Integration Engineering-GM > GM Desktop Engineering > 1075 W. Entrance Dr., MS 2B, Cube 2130 > Auburn Hills, MI 48326 > Lab:*** 248-365-9187*** > Tel: 248-754-7917 > Pg: 248-870-0306 pager > Mail: ***Doug.Delaney@xxxxxxx* <Doug.Delaney@xxxxxxx> > Note: The information in this email is intended solely for the addressee. > Access to this email by anyone else is unauthorized. If you are not the > intended recipient, any disclosure, copying, distribution or any action > taken or omitted to be taken in reliance on it is prohibited. > > > ------------------------------ > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Jason Williams > *Sent:* Tuesday, September 11, 2007 5:10 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Group Policy and Vista Firewall > > > Hi Omar, > > The problems we are having is that we can not start the Vista Firewall. > Just fails. yet, if we take a computer out of the domain, firewall starts > up. My conclusion is that the GPO was causing the issue. > > Basically, i've been working to try and clear up the GPO's here and make > them more efficient. Right now, they hvae the GPO's to allow RDP access to > XP machines as well as a few other exceptions to access the machines. It > does not really sit well with me that it is a "broad" brush stroke at the > domain level with this policy. > > I'll recreating the policy on a Vista machine, see if that does anything. > > for the WMI portion, I can actually specifiy "Microsoft Windows XP > Professional?" > After I posted my thread, I thought, "It would be better if I specifically > indicated a OS. More specific. > > Thanks. > > Jason > > > On 9/11/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > Well 1st- what issues are you having with the GPO and Vista? > > > > 2nd- What exactly are you doing in your FW policy? Just curious since it > > applying to all workstations and servers on your network > > > > 3rd- If placing the FW GPO is correct at the domain level, log on to the > > Vista machine, open GPMC and create the a new policy with the same settings > > and replace the existing one. > > > > Policies created on Vista workstations will be backward compatible as > > far as functionality goes- but you should not administer those policies > > using GP editor or GPMC from any other operating system except vista and > > Windows Server 2008. > > > > Creating the GPO on Vista may help resolve any compatibility issues you > > are having on the vista workstations- and it should continue to work on the > > XP machines as you have in place with the current policy. > > > > As far as WMI filter goes- I have had better luck with inclusions rather > > than exclusions. I would do something like: > > > > "Select * from Win32_OperatingSystem where Caption = "Microsoft Windows > > XP Professional" > > > > Hope that helps, > > > > Omar > > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Jason Williams > > *Sent:* Tue 9/11/2007 1:23 PM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Group Policy and Vista Firewall > > > > > > I seem to be having some issues with Vista and Group Policy. Looking at > > the policy in place, we have a Windows XP Firewall policy applied at the > > root of the domain. Not sure if that is the best way to apply, so im looking > > for alternatives. > > > > I thought about making a WMI filter to make this Group Policy only be > > applied to XP machines. Would that be a viable option? Here is what I have > > for my filter (Still learning on how to make WMI filters and script as well) > > > > > > root\CIMv2 > > > > SELECT * FROM Win32_OperatingSystem WHERE BuildNumber !="6000" > > > > I was thinking to, can I make this better? > > > > I appreciate the help. > > > > Jason > > > >